Jan 06 2006

A Brief Look at Sessions and Cookies in HTTP

Category: Technology, ssmax @ 11:08:01

It is true that the session is stored on the server side, but how does the server know which user is using which session, given that everything goes over the HTTP protocol?

Take an example: the server is Resin, the session id is carried in a cookie, and the session expiry is 30 minutes. All of this can be set in the server configuration file resin.conf:

<session-config>
        <session-max>4096</session-max>
        <session-timeout>30</session-timeout>
        <enable-cookies>true</enable-cookies>
        <cookie-domain>yourdomain</cookie-domain>
        <enable-url-rewriting>true</enable-url-rewriting>
</session-config>

Open a JSP page that uses a session and inspect the response headers; you will find:
Set-Cookie: JSESSIONID=b5a86TcEnktd; domain=yourdomain; path=/
On the first visit the JSP finds that the request carries no JSESSIONID, so it generates one and sets it into the browser's cookies.

Then, on the second visit to this page (without closing the browser), the browser finds that it has a cookie matching this domain and path, so the request header includes this line:
Cookie:  JSESSIONID=b5a86TcEnktd
The server uses this JSESSIONID to fetch the session from the session pool. If it finds one, the session is valid (the ids are random, so collisions are very unlikely). If there is no such session, the session id is invalid: the server generates a new session and sets it into the cookie just as above.

Now close the browser, open it again and visit the same page. The browser treats the earlier cookie as expired (its lifetime is the browser session), so the request header no longer carries the line Cookie:  JSESSIONID=b5a86TcEnktd. The server parses the request, finds no JSESSIONID, naturally generates a new one, and sets it again through the response with Set-Cookie:
Set-Cookie: JSESSIONID=adqOWayWfard; domain=yourdomain; path=/

So now the cookie's id is adqOWayWfard, while the original one was b5a86TcEnktd. The server does not know that nobody is using b5a86TcEnktd any more, so that session stays alive until it expires 30 minutes later. If during that time a request arrives carrying the JSESSIONID b5a86TcEnktd, the server treats it as a valid request, and at that point the session has been taken over by somebody else~ of course the probability of this is very low.

But the situation the original poster described is a problem of external submissions, and sessions cannot solve it!
As soon as you have visited the page that requires a submission once, a session that permits submitting exists; record its session id and, within 30 minutes, you can submit with that session. You can set it into the HTTP request programmatically, or use the URL-carried session form:
http://yourdomain/test.jsp;jsessionid=b5a86TcEnktd
and the server obtains the session just the same.
Of course you can store a value in the session, such as a timestamp, and refuse submissions that have no session or that arrive too soon after the previous one; that may help a little, heh. But HttpServletRequest.getSession(false) is of no use here: as long as a session id is present, it will still return a session, haha.
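To make the lookup described above concrete, here is an added Python sketch (my own illustration, not Resin's code) of what a container does with the JSESSIONID on each request: it reads the id from the Cookie header or from the ;jsessionid= path parameter, looks it up in the pool subject to the 30-minute idle timeout, and issues a new id with Set-Cookie when none is found. The generated ids, the injectable clock and the yourdomain cookie domain are constructed sample values.

```python
import re
import secrets
import time

COOKIE_NAME = "JSESSIONID"
SESSION_TIMEOUT = 30 * 60  # seconds; mirrors <session-timeout>30</session-timeout> (minutes)


class SessionPool:
    """Server-side session pool keyed by random id (hypothetical, not Resin's own)."""

    def __init__(self, timeout=SESSION_TIMEOUT, now=time.time):
        self.timeout = timeout
        self.now = now           # injectable clock so the timeout can be exercised offline
        self.sessions = {}       # id -> {"last_access": t, "data": {}}

    def create(self):
        sid = secrets.token_urlsafe(9)   # 12 random chars, in the spirit of b5a86TcEnktd
        self.sessions[sid] = {"last_access": self.now(), "data": {}}
        return sid

    def lookup(self, sid):
        """Return the session for sid, or None if unknown or idle past the timeout."""
        session = self.sessions.get(sid)
        if session is None:
            return None
        if self.now() - session["last_access"] > self.timeout:
            del self.sessions[sid]       # only now does the server forget the old id
            return None
        session["last_access"] = self.now()
        return session


def session_id_from_request(path, headers):
    """Cookie header wins; otherwise accept the ';jsessionid=' path parameter (URL rewriting)."""
    for part in headers.get("Cookie", "").split(";"):
        name, _, value = part.strip().partition("=")
        if name == COOKIE_NAME and value:
            return value
    match = re.search(r";jsessionid=([^;?/]+)", path, re.IGNORECASE)
    return match.group(1) if match else None


def handle_request(pool, path, headers, domain="yourdomain"):
    """Resolve the request's session. Returns (session_id, is_new, response_headers)."""
    sid = session_id_from_request(path, headers)
    if sid is not None and pool.lookup(sid) is not None:
        return sid, False, {}            # known, unexpired id: reuse the session
    sid = pool.create()                  # missing or stale id: start a fresh session
    return sid, True, {"Set-Cookie": f"{COOKIE_NAME}={sid}; domain={domain}; path=/"}
```

Running it through the sequence in the post shows the point made above: after the browser drops its cookie, a request still presenting the old id is accepted until the server-side timeout removes it.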

Remember: if the HTTP protocol lets one person submit, it cannot stop someone else from submitting with the same HTTP protocol, because HTTP has no built-in authentication and no persistent state; everything is carried in the request headers and body. As long as I can write a program that parses your HTTP responses and produces a submission identical to a normal user's, there is no way for you to block it. Even with an image CAPTCHA, I can fetch the image, analyse it, and submit the recognised code. That is why image CAPTCHAs nowadays use so many interference lines and animated GIFs: to defeat OCR analysis. OCR on plain digits has a very high recognition rate and is easy to build (I wrote one in Java), so we have to add noise, noise, noise~~~~


Jan 06 2006

Jury Selection

Category: Technology, ssmax @ 10:45:14

Jury Compromise

Time Limit: 1000MS  Memory Limit: 10000K
Total Submit: 987  Accepted: 246  Special Judged

Description
In Frobnia, a far-away country, the verdicts in court trials are determined by a jury consisting of members of the general public. Every time a trial is set to begin, a jury has to be selected, which is done as follows. First, several people are drawn randomly from the public. For each person in this pool, defence and prosecution assign a grade from 0 to 20 indicating their preference for this person. 0 means total dislike, 20 on the other hand means that this person is considered ideally suited for the jury.
Based on the grades of the two parties, the judge selects the jury. In order to ensure a fair trial, the tendencies of the jury to favour either defence or prosecution should be as balanced as possible. The jury therefore has to be chosen in a way that is satisfactory to both parties.
We will now make this more precise: given a pool of n potential jurors and two values d_i (the defence's value) and p_i (the prosecution's value) for each potential juror i, you are to select a jury of m persons. If J is a subset of {1, ..., n} with m elements, then $D(J) = \sum_{k \in J} d_k$ and $P(J) = \sum_{k \in J} p_k$ are the total values of this jury for defence and prosecution.
For an optimal jury J, the value |D(J) - P(J)| must be minimal. If there are several juries with minimal |D(J) - P(J)|, one which maximizes D(J) + P(J) should be selected, since the jury should be as ideal as possible for both parties.
You are to write a program that implements this jury selection process and chooses an optimal jury given a set of candidates.

Input
The input file contains several jury selection rounds. Each round starts with a line containing two integers n and m. n is the number of candidates and m the number of jury members.
These values will satisfy 1<=n<=200, 1<=m<=20 and of course m<=n. The following n lines contain the two integers p_i and d_i for i = 1,...,n. A blank line separates each round from the next. The file ends with a round that has n = m = 0.

Output
For each round output a line containing the number of the jury selection round ('Jury #1', 'Jury #2', etc.). On the next line print the values D(J) and P(J) of your jury as shown below and on another line print the numbers of the m chosen candidates in ascending order. Output a blank before each individual candidate number. Output an empty line after each test case.

Sample Input
4 2
1 2
2 3
4 1
6 2
0 0

Sample Output
Jury #1
Best jury has value 6 for prosecution and value 4 for defence:
 2 3

Hint
If your solution is based on an inefficient algorithm, it may not execute in the allotted time.

Source
Southwestern European Regional Contest 1996